CVE-2020-9711

CVE-2020-9711 describes an out-of-bounds read (CWE-125) in Adobe Acrobat/Reader. Affected products include multiple lines of Acrobat/Reader: DC Continuous and Classic channels, across 2015, 2017, 2020 release families (e.g., 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earli...

CVE-2024-33909

CVE-2024-33909 affects WordPress iPages Flipbook (vulnerable up to 1.5.1) and is a Missing Authorization/ broken access control issue. The connected records indicate an improper authorization check allowing access to protected resources due to incorrectly configured access control levels. Impact ...

CVE-2024-31435

CVE-2024-31435 affects the WordPress plugin Social Media & Share Icons (versions up to 2.8.6). The issue is a Missing Authorization vulnerability caused by incorrectly configured access control levels, enabling access to protected functionality without proper permissions. The CVE entry lists a Pa...

CVE-2024-34810

CVE-2024-34810 is a CSRF vulnerability affecting Skyline WP

CVE-2022-47150

CVE-2022-47150 concerns CSRF in WordPress plugins referencing WooCommerce Conversion Tracking. Affected product: WooCommerce Conversion Tracking plugin for WordPress, versions up to and including 2.0.10. Underlying issue: Cross-Site Request Forgery, enabling unauthenticated or unauthorized action...

CVE-2023-33999

Technical details on CVE-2023-33999 are not provided in the supplied documents. Please monitor for updates from vendors/security advisories before assessing impact, affected products, or fixes.

CVE-2023-5502

CVE-2023-5502 affects Arista EOS platforms where 802.1x is configured on access/trunk ports and IP routing is enabled on the access VLAN; a malicious supplicant may bypass 802.1x authentication. Arista’s advisory 0096 documents affected EOS releases (e.g., 4.31.x, 4.30.x, 4.29.x, 4.28.x, 4.27.x, ...

CVE-2024-33724

SOPlanning 1.52.00 is vulnerable to Cross Site Scripting (XSS) via the groupe_id parameter to process/groupe_save.php. Affected software is SOPlanning; the vulnerability arises in the groupe_id handling, enabling injection that can affect authenticated users and potentially hijack sessions (per C...

CVE-2023-42343

OpenCMS before 10.5.1 is vulnerable to a Cross-Site Scripting (XSS) issue via the CMIS online endpoint cmis-online/type. The vulnerability is described across multiple connected sources (CVE-2023-42343, EUVD-2023-46796, NVD/NVDC, and nuclei templates) as an XSS flaw in the /opencms/cmisatom/cmis-...

CVE-2024-33288

The CVE-2024-33288 entry covers a SQL injection vulnerability in Prison Management System Using PHP v1.0, exposed on the Admin login page via the username parameter. Multiple connected sources document an authentication bypass PoC and public exploits targeting admin access (e.g., by injecting adm...

CVE-2024-31119

CVE-2024-31119 is a DOM-based XSS vulnerability in the WordPress plugin Special Box for Content by Vasilis Triantafyllou. The issue is described as an improper neutralization of input during web page generation, enabling DOM‑Based XSS. Affected version range is listed as from “n/a through 1” (i.e...

CVE-2024-35644

CVE-2024-35644 describes a DOM-based Cross-Site Scripting (XSS) vulnerability in the WordPress plugin “Preferred Languages” by Pascal Birchler. The issue is caused by improper input neutralization during web page generation, enabling DOM-based XSS. It affects versions from n/a through 2.2.2 of th...

CVE-2024-31118

CVE-2024-31118 affects the WordPress plugin SP Project & Document Manager (versions up to 4.70). The issue is a Missing Authorization vulnerability caused by incorrectly configured access control security levels, potentially enabling unauthorized access to project/document resources. Public sourc...

CVE-2022-25369

CVE-2022-25369 (Dynamicweb) affects Dynamicweb versions before 9.12.8, where an unauthenticated attacker can create a new administrator account due to a logic flaw in setup phase checks. After becoming the newly created admin, the attacker can upload an executable and achieve command execution (r...

CVE-2024-30547

CVE-2024-30547 is a DOM-based Cross-Site Scripting vulnerability in the WordPress plugin “Header Image Slider” where improper neutralization of input during web page generation allows DOM-based XSS. Affected: Header Image Slider versions up to 0.3. Root cause determined in connected sources as im...

CVE-2024-30461

CVE-2024-30461 affects Tumult Hype Animations (WordPress plugin) up to version 1.9.11. The issue is an DOM-based XSS caused by improper input neutralization during web page generation, enabling script execution in the context of a user’s browser. Public sources consistently describe this as a Cro...

CVE-2024-23511

CVE-2024-23511 describes a DOM-based XSS in POSIMYTH The Plus Addons for Elementor Page Builder Lite. Affected product: The Plus Addons for Elementor Page Builder Lite (WordPress plugin) with versions up to and including 5.3.3. Root cause: improper input handling during web page generation leadin...

CVE-2023-52212

CVE-2023-52212 describes a Cross-Site Request Forgery (CSRF) vulnerability in Automattic WP Job Manager, affecting versions up to 2.0.0. The connected sources identify WP Job Manager as the affected product, with the root cause being CSRF in the plugin’s handling of requests, enabling CSRF under ...

CVE-2023-50897

CVE-2023-50897 concerns the WordPress plugin Media File Renamer (WordPress plugin “Media File Renamer”). The vulnerability is described as an Unrestricted Upload of File with Dangerous Type that enables an attacker to perform an arbitrary file rename, which can lead to a Remote Code Execution (RC...

CVE-2023-49186

CVE-2023-49186 affects the WordPress plugin Machic Core (